SSL and the Future of Authenticity

Explore a thought-provoking keynote address on SSL and the future of authenticity in cybersecurity. Delve into the evolution of e-commerce, web applications, and the challenges faced by browser vendors in establishing trust. Examine the implications of state-sponsored cyber warfare and the ideological aspects of digital security. Analyze the current SSL certificate system, its relationship with DNS records, and the potential impact of domain seizures. Investigate alternative approaches to digital trust, including user-initiated verification and the CONVERGENCE system. Consider the elimination of Certificate Authorities (CAs) and the implementation of self-signed certificates. Discuss privacy concerns, server-side implications, and potential solutions to common issues like captive portals.

Intro
picture
hack -- war
What does this mean?
How would they use them?
referrer
early 90's
e-commerce
web applications
billion
million
intense pressure
4am decisions == javascript
entirely theoretical
cyber war
happening every day
Mike Zussman just asked for it.
State Sponsored?
good news
problem?
What happened to Comodo?
ideological
browser vendors
trust agility
one decision for everyone?
our data, our trust decision
SSL Cert -- DNS Record
information -- distributed
trust -- centralized
DNSSEC == CA System
domain seizures
COICA, PROTECT IP, etc...
forever
user initiated
implementation
self-signed certs
initial connection
eliminate CAs entirely
notary lag
CONVERGENCE
+ privacy
Servers Do Nothing
no more self-signed certificate warnings
problems
captive portals